Bug 1302385 - java-1.7.0-openjdk: Disable the RC4 cipher by default
Summary: java-1.7.0-openjdk: Disable the RC4 cipher by default
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: java-1.7.0-openjdk
Version: 7.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Andrew John Hughes
QA Contact: Lukáš Zachar
Robert Krátký
Depends On:
Blocks: 1297579 1313485
TreeView+ depends on / blocked
Reported: 2016-01-27 16:48 UTC by Andrew John Hughes
Modified: 2016-11-03 22:59 UTC (History)
5 users (show)

Fixed In Version: java-1.7.0-openjdk-
Doc Type: Release Note
Doc Text:
RC4 is now disabled by default in OpenJDK 6 and OpenJDK 7 Earlier _OpenJDK_ packages allowed the RC4 cryptographic algorithm to be used when making secure connections using Transport Layer Security (TLS). This algorithm is no longer secure, and it has been disabled in this release. To retain its use, it is necessary to revert to the earlier setting of the `jdk.tls.disabledAlgorithms` of `SSLv3, DH keySize < 768`. This can be done permanently in the `<java.home>/jre/lib/security/java.security` file or by adding the following line: jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 to a new text file and passing the location of that file to Java on the command line using the `-Djava.security.properties=<path to file>` argument.
Clone Of:
Last Closed: 2016-11-03 22:59:01 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2140 0 normal SHIPPED_LIVE java-1.7.0-openjdk bug fix and enhancement update 2016-11-03 13:12:14 UTC

Description Andrew John Hughes 2016-01-27 16:48:28 UTC
Clone of bug 1217132 for RHEL 7.

Comment 4 Robert Krátký 2016-04-12 10:54:46 UTC
Hi Andrew,

This bug has been selected for inclusion in 7.3 Release Notes. Could you please add info to the Docs Text field, so that I can use it to formulate the release note?

Perhaps it could be lumped together with bug #1302383?


Comment 5 Andrew John Hughes 2016-04-12 16:16:44 UTC
Hi Robert,

Yes, that sounds like the right approach. We did the same for this pair of bugs in RHEL 6.8, and you should just be able to re-use the documentation text from bug #1217131 to cover both this and bug #1302383.

Comment 6 Robert Krátký 2016-04-12 16:44:02 UTC
Great, thanks, Andrew. I didn't notice the 6.8 bug.

Comment 9 errata-xmlrpc 2016-11-03 22:59:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.